package com.xxiongb.login.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

import com.xxiongb.login.constant.AppConstants;
import com.xxiongb.login.constant.RoleConstants;

@Configuration
// @EnableResourceServer
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	@Autowired
	private AuthenticationManager authenticationManager;

	@Autowired
	@Qualifier("customUserDetailsService")
	private UserDetailsService userDetailsService = null;

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.tokenStore(tokenStore()).allowedTokenEndpointRequestMethods(HttpMethod.POST)
				.userDetailsService(userDetailsService).authenticationManager(authenticationManager);
	}


	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

		// client-id: acme
		// client-secret: acmesecret
		// token-name: xxiongb
		// accessTokenUri: /oauth/token
		// authorized-grant-types: password,refresh_token
		// scope: openid
		clients.inMemory().withClient(AppConstants.APP_CLIENT).secret(AppConstants.APP_SECRET)
				.authorities(RoleConstants.ROLE_USER_STANDARD, RoleConstants.ROLE_USER_GOLD,
						RoleConstants.ROLE_USER_ADMIN)
				.authorizedGrantTypes("password", "refresh_token").scopes("openid")
				.accessTokenValiditySeconds(2 * 3600);
	}

	@Bean
	public DefaultAccessTokenConverter defaultAccessTokenConverter() {
		return new DefaultAccessTokenConverter();
	}

	@Bean
	public TokenStore tokenStore() {
		return new InMemoryTokenStore();
	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
	}

	// @Override
	// public void configure(ClientDetailsServiceConfigurer clients) throws
	// Exception {
	// // @formatter:off
	// clients
	// .inMemory()
	// .withClient("acme")
	// .authorizedGrantTypes("password", "refresh_token")
	// .authorities("USER")
	// .scopes("read", "write")
	// .secret("acmesecret")
	//// .resourceIds(Application.OAUTH_ID)
	// ;
	// // @formatter:on
	// }

	// @Bean
	// @Primary
	// public DefaultTokenServices tokenServices() {
	// DefaultTokenServices tokenServices = new DefaultTokenServices();
	// tokenServices.setSupportRefreshToken(true);
	// tokenServices.setTokenStore(this.tokenStore);
	// return tokenServices;
	// }

}
